| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| package org.apache.axis2.java.security; |
| |
| import java.security.AccessControlContext; |
| import java.security.AccessControlException; |
| import java.security.Permission; |
| import java.security.PrivilegedAction; |
| import java.security.PrivilegedActionException; |
| import java.security.PrivilegedExceptionAction; |
| |
| /** |
| * This utility wrapper class is created to support AXIS2 runs |
| * inside of Java 2 Security environment. Due to the access control |
| * checking algorithm, for Java 2 Security to function properly, |
| * <code>doPrivileged()</code> |
| * is required in cases where there is application code on the stack frame |
| * accessing the system resources (ie, read/write files, opening ports, and etc). |
| * This class also improve performance no matther Security Manager is being enabled |
| * or not. |
| * <p/> |
| * Note: This utility should be used properly, otherwise might introduce |
| * security holes. |
| * <p/> |
| * Usage Example: |
| * <code> |
| * public void changePassword() { |
| * ... |
| * AccessController.doPrivileged(new PrivilegedAction() { |
| * public Object run() { |
| * f = Util.openPasswordFile(); |
| * ... |
| * <p/> |
| * } |
| * }); |
| * ... |
| * } |
| * </code> |
| */ |
| |
| |
| public class AccessController { |
| |
| /** |
| * Performs the specified <code>PrivilegedAction</code> with privileges |
| * enabled if a security manager is present. |
| * <p/> |
| * If the action's <code>run</code> method throws an (unchecked) exception, |
| * it will propagate through this method. |
| * |
| * @param action the action to be performed. |
| * @return the value returned by the action's <code>run</code> method. |
| * @see #doPrivileged(PrivilegedAction,AccessControlContext) |
| * @see #doPrivileged(PrivilegedExceptionAction) |
| */ |
| public static <T> T doPrivileged(PrivilegedAction<T> action) { |
| SecurityManager sm = System.getSecurityManager(); |
| if (sm == null) { |
| return (action.run()); |
| } else { |
| return java.security.AccessController.doPrivileged(action); |
| } |
| } |
| |
| |
| /** |
| * Performs the specified <code>PrivilegedAction</code> with privileges |
| * enabled and restricted by the specified <code>AccessControlContext</code>. |
| * The action is performed with the intersection of the permissions |
| * possessed by the caller's protection domain, and those possessed |
| * by the domains represented by the specified |
| * <code>AccessControlContext</code> if a security manager is present. |
| * <p/> |
| * <p/> |
| * If the action's <code>run</code> method throws an (unchecked) exception, |
| * it will propagate through this method. |
| * |
| * @param action the action to be performed. |
| * @param context an <i>access control context</i> representing the |
| * restriction to be applied to the caller's domain's |
| * privileges before performing the specified action. |
| * @return the value returned by the action's <code>run</code> method. |
| * @see #doPrivileged(PrivilegedAction) |
| * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) |
| */ |
| public static <T> T doPrivileged(PrivilegedAction<T> action, AccessControlContext context) { |
| SecurityManager sm = System.getSecurityManager(); |
| if (sm == null) { |
| return action.run(); |
| } else { |
| return java.security.AccessController.doPrivileged(action, context); |
| } |
| } |
| |
| /** |
| * Performs the specified <code>PrivilegedExceptionAction</code> with |
| * privileges enabled. The action is performed with <i>all</i> of the |
| * permissions possessed by the caller's protection domain. |
| * <p/> |
| * If the action's <code>run</code> method throws an <i>unchecked</i> |
| * exception, it will propagate through this method. |
| * |
| * @param action the action to be performed. |
| * @return the value returned by the action's <code>run</code> method. |
| * @throws PrivilgedActionException the specified action's |
| * <code>run</code> method threw a <i>checked</i> exception. |
| * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) |
| * @see #doPrivileged(PrivilegedAction) |
| */ |
| public static <T> T doPrivileged(PrivilegedExceptionAction<T> action) |
| throws PrivilegedActionException { |
| SecurityManager sm = System.getSecurityManager(); |
| if (sm == null) { |
| try { |
| return action.run(); |
| } catch (java.lang.RuntimeException e) { |
| throw e; |
| } catch (Exception e) { |
| throw new PrivilegedActionException(e); |
| } |
| } else { |
| return java.security.AccessController.doPrivileged(action); |
| } |
| } |
| |
| |
| /** |
| * Performs the specified <code>PrivilegedExceptionAction</code> with |
| * privileges enabled and restricted by the specified |
| * <code>AccessControlContext</code>. The action is performed with the |
| * intersection of the the permissions possessed by the caller's |
| * protection domain, and those possessed by the domains represented by the |
| * specified <code>AccessControlContext</code>. |
| * <p/> |
| * If the action's <code>run</code> method throws an <i>unchecked</i> |
| * exception, it will propagate through this method. |
| * |
| * @param action the action to be performed. |
| * @param context an <i>access control context</i> representing the |
| * restriction to be applied to the caller's domain's |
| * privileges before performing the specified action. |
| * @return the value returned by the action's <code>run</code> method. |
| * @throws PrivilegedActionException the specified action's |
| * <code>run</code> method |
| * threw a <i>checked</i> exception. |
| * @see #doPrivileged(PrivilegedAction) |
| * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext) |
| */ |
| public static <T> T doPrivileged(PrivilegedExceptionAction<T> action, |
| AccessControlContext context) |
| throws PrivilegedActionException { |
| |
| SecurityManager sm = System.getSecurityManager(); |
| if (sm == null) { |
| try { |
| return action.run(); |
| } catch (java.lang.RuntimeException e) { |
| throw e; |
| } catch (Exception e) { |
| throw new PrivilegedActionException(e); |
| } |
| } else { |
| return java.security.AccessController.doPrivileged(action, context); |
| } |
| } |
| |
| /** |
| * This method takes a "snapshot" of the current calling context, which |
| * includes the current Thread's inherited AccessControlContext, |
| * and places it in an AccessControlContext object. This context may then |
| * be checked at a later point, possibly in another thread. |
| * |
| * @return the AccessControlContext based on the current context. |
| * @see AccessControlContext |
| */ |
| public static AccessControlContext getContext() { |
| return java.security.AccessController.getContext(); |
| } |
| |
| /** |
| * Determines whether the access request indicated by the |
| * specified permission should be allowed or denied, based on |
| * the security policy currently in effect. |
| * This method quietly returns if the access request |
| * is permitted, or throws a suitable AccessControlException otherwise. |
| * |
| * @param perm the requested permission. |
| * @throws AccessControlException if the specified permission |
| * is not permitted, based on the current security policy. |
| */ |
| public static void checkPermission(Permission perm) throws AccessControlException { |
| java.security.AccessController.checkPermission(perm); |
| } |
| |
| /** |
| * No instantiation allowed |
| */ |
| private AccessController() { |
| } |
| } |